Plan your Password Reset processes

To ensure security and efficiency, take the time to plan your Password Reset
implementation.

Before you begin

Role required: password_reset_admin or admin

Procedure

Decide on the password reset process:

Self-service process: Users reset their password over the Internet using a
browser on any supported interface, including mobile devices. To make the
Password Reset application with Orchestration publicly available to all users,
create a new Password Reset process only for this purpose and make it
accessible to all users by setting the Public access property.

Understand how groups and roles differ in their access and security
needs.

Analyze and assess how members of each group in your organization access the
system. For example, if members of the sales group primarily access the system
remotely, consider using a stronger method or multiple methods to verify the
identity of each user.

Identify user roles that have access to critical
information and resources. For example, stronger verifications might be
required for roles that have access to employee data, accounting
information, or network configurations.

Based on your analysis of groups and roles, determine the number and variety of
verifications needed for the different Password Reset processes.

Consider how to manage credentials.

Determine whether single sign-on is enabled with the type of directory service
or other credential store used. If the directory service is configured for
single sign-on, consider increasing the level of security by using multiple
methods to verify the identity of a user. A compromised user name and password can
easily allow access to associated systems in a single sign-on
environment.

Consider how to implement enrollment in the Password Reset program.

For example, will enrollment be optional or required? Will users be
auto-enrolled? How will users be notified to enroll in the program? The answers
to these questions will help you determine the appropriate verification types to
use.

Consider which Password Reset options to offer to users.

If your organization uses single sign-on, how will users reset their
password if they are unable to log on?